[452] in linux-security and linux-alert archive
Re: SSLtelnet patch
daemon@ATHENA.MIT.EDU (Alan Cox)
Mon Nov 6 15:34:45 1995
From: iialan@iifeak.swan.ac.uk (Alan Cox)
To: aleph1@dfw.net (Aleph One)
Date: Mon, 6 Nov 1995 11:39:51 +0000 (GMT)
Cc: ssl-users@mincom.oz.au, linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.SUN.3.90.951101200411.18613B-100000@dfw.net> from "Aleph One" at Nov 1, 95 08:07:19 pm
> This patch address the current CERT advisory about the telnet
> vulnerability. It was created under linux using SSLtelnet 0.2.
> Iam not sure what the latest is but here it is anyway.
> You need to change LD_LIBRARY_PATH to whatever is dangerous in your
> OS.
>
No it doesnt. There are other variables you must clear (PRELOAD/ELF/AOUT
only variables) - and if you use login shell scripts for restricted acocunts
IFS.
Alan
